QuickTime has been updated yet again (7.4.1), and apparently it’s a security patch again. iPhoto has also been updated to 7.1.2. Get out your tin foil hats… apparently both updates are security-related. More info on each of the applications can be found after the jump.
Impact: Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in QuickTime’s handling of HTTP responses when RTSP tunneling is enabled. By enticing a user to visit a maliciously crafted webpage, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.
Impact: Subscribing to a maliciously crafted photocast may lead to arbitrary code execution
Description: A format string vulnerability exists in iPhoto. By enticing a user to subscribe to a maliciously crafted photocast, a remote attacker may cause arbitrary code execution. This update addresses the issue through improved handling of format strings when processing photocast subscriptions. Credit to Nathan McFeters of Ernst & Young’s Advanced Security Center for reporting this issue.
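The format string class of bug described for iPhoto, shown as an added example that is not Apple's code (the affected code is not on this page): the hardened form keeps the format constant and passes untrusted feed text only as data. The function names and the sample title are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample input: a photocast title controlled by the feed's publisher. */
static const char SAMPLE_TITLE[] = "Holiday %x %x %n photos";

/* Vulnerable pattern, kept in a comment so it is never compiled:
 *     snprintf(out, n, title);    // untrusted text used as the format
 * Every % directive in the title would then be interpreted by printf. */

/* Hardened form (hypothetical helper): constant format string, untrusted
 * text passed as data only.
 * Returns 0 on success, -1 if the output was truncated or on error. */
int format_status_safe(char *out, size_t n, const char *title)
{
    int written = snprintf(out, n, "Subscribed to: %s", title);
    if (written < 0 || (size_t)written >= n)
        return -1;
    return 0;
}

/* Tripwire for logging (hypothetical helper): count conversion directives
 * in untrusted text. "%%" is a literal percent sign and is not counted. */
size_t count_directives(const char *s)
{
    size_t count = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%')
            continue;
        if (s[i + 1] == '%') {
            i++;            /* skip the escaped percent */
            continue;
        }
        count++;
    }
    return count;
}

int main(void)
{
    char line[128];
    if (format_status_safe(line, sizeof line, SAMPLE_TITLE) == 0)
        printf("%s (directives seen: %zu)\n", line, count_directives(SAMPLE_TITLE));
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang flag the commented-out pattern when it appears in real code.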